Repository: cxf-fediz Updated Branches: refs/heads/master 2a5b457ea -> 3f0b480d0
Fixing Metadata signature creation
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/3f0b480d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/3f0b480d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/3f0b480d
Branch: refs/heads/master
Commit: 3f0b480d0cd901df28582cd762291b1b14eebef3
Parents: 2a5b457
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Sep 18 20:57:34 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Sep 18 20:57:34 2014 +0100
----------------------------------------------------------------------
 .../cxf/fediz/core/metadata/MetadataWriter.java | 5 +++--
 .../cxf/fediz/core/util/SignatureUtils.java | 16 +++----------
 .../core/federation/FederationMetaDataTest.java | 22 ++++++++++++++++++--
 .../fediz/service/idp/util/MetadataWriter.java | 16 +++++++------
 4 files changed, 33 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
index fe5efc3..1f647b9 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
@@ -34,6 +34,7 @@ import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamWriter;
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.config.Claim;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -124,10 +125,10 @@ public class MetadataWriter {
 LOG.info("No signingKey element found in config: " + ex.getMessage());
 }
 if (hasSigningKey) {
- ByteArrayOutputStream result = SignatureUtils.signMetaInfo(
+ Document result = SignatureUtils.signMetaInfo(
 config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(), config.getSigningKey().getKeyPassword(), is, referenceID);
 if (result != null) {
- is = new ByteArrayInputStream(result.toByteArray());
+ return result;
 } else {
 throw new ProcessingException("Failed to sign the metadata document: result=null");
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index ba2e1d9..ab4d211 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -19,7 +19,6 @@
 package org.apache.cxf.fediz.core.util;
-import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
@@ -42,10 +41,6 @@ import javax.xml.crypto.dsig.keyinfo.X509Data;
 import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
 import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 import org.w3c.dom.Document;
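Review bot: With `return result;` the signed DOM from `signMetaInfo` now leaves the method immediately, while the unsigned case (the method continues outside the hunk, and the context lines show that a missing signingKey element only logs at INFO before falling through) presumably still goes on to parse `is`; a comment on the new return such as `// signed: signMetaInfo returns the final DOM; unsigned metadata falls through to be parsed from 'is' below` would make the two exits explicit. The same signing block appears in the IdP MetadataWriter hunk (@@ -170,14 +170,12) of this commit, there throwing `RuntimeException` where this one throws `ProcessingException`, so the null check and its error message could live in a single helper next to `signMetaInfo` rather than being maintained twice with diverging failure types.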
@@ -59,13 +54,12 @@ public final class SignatureUtils {
 private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
 private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
- private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
 private SignatureUtils() {
 }
- public static ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyAlias, String keyPassword,
+ public static Document signMetaInfo(Crypto crypto, String keyAlias, String keyPassword,
 InputStream metaInfo, String referenceID) throws Exception {
 if (keyAlias == null || "".equals(keyAlias)) {
 keyAlias = crypto.getDefaultX509Identifier();
@@ -163,12 +157,8 @@ public final class SignatureUtils {
 // step 4
 // Output the resulting document.
-
- ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
- Transformer trans = TRANSFORMER_FACTORY.newTransformer();
- trans.transform(new DOMSource(doc), new StreamResult(os));
- os.flush();
- return os;
+
+ return doc;
 }
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
index 211df13..f49c90d 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationMetaDataTest.java
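Review bot: `signMetaInfo` changes its return type from a serialized `ByteArrayOutputStream` to the live `Document` but gains no Javadoc describing what callers now receive; from the removed step-4 lines it is the same `doc` that used to be serialized, i.e. the DOM built from `metaInfo` with the signature added. The test in this commit has to call `setIdAttributeNS(null, "ID", true)` on the returned document before verifying, which suggests the attribute targeted by `referenceID` is not registered as a DOM ID on the returned tree; that belongs in the Javadoc, as does whether `DOC_BUILDER_FACTORY` is configured namespace-aware (only its `newInstance()` line is visible here), since consumers no longer get a fresh reparse of serialized bytes. A `@return` line such as `the signed metadata DOM (the same tree parsed from metaInfo); the referenceID attribute is not registered as a DOM ID` would cover the first point. The `throws Exception` on the unchanged signature line is pre-existing, but with the new return type it is now the only statement of the method's failure modes.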
@@ -25,6 +25,8 @@ import java.net.URL;
 import javax.xml.transform.TransformerException;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.apache.cxf.fediz.common.SecurityTestUtil;
 import org.apache.cxf.fediz.core.config.FedizConfigurator;
 import org.apache.cxf.fediz.core.config.FedizContext;
@@ -32,6 +34,10 @@ import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.processor.FederationProcessorImpl;
 import org.apache.cxf.fediz.core.processor.FedizProcessor;
 import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.signature.XMLSignatureException;
 import org.junit.AfterClass;
 import org.junit.Assert;
@@ -62,7 +68,7 @@ public class FederationMetaDataTest {
 @org.junit.Test
- public void validateMetaDataWithAlias() throws ProcessingException {
+ public void validateMetaDataWithAlias() throws ProcessingException, XMLSignatureException, XMLSecurityException {
 FedizContext config = loadConfig("ROOT");
@@ -70,12 +76,25 @@ public class FederationMetaDataTest {
 Document doc = wfProc.getMetaData(config);
 Assert.assertNotNull(doc);
+ Node signatureNode = doc.getElementsByTagName("Signature").item(0);
+ Assert.assertNotNull(signatureNode);
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
 try {
 DOMUtils.writeXml(doc, System.out);
 } catch (TransformerException e) {
 fail("Exception not expected: " + e.getMessage());
 }
+
+ // Validate the signature
+ XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+ Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
 }
 @org.junit.Test
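Review bot: `doc.getElementsByTagName("Signature")` is a namespace-unaware lookup, so if the DOM returned by `getMetaData` is namespace-aware and the element carries a prefix (e.g. `ds:Signature`), `item(0)` is null and the test fails at the first `assertNotNull` instead of exercising verification; `doc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0)` resolves the element either way. Verifying with `ki.getX509Certificate()` taken from the document's own KeyInfo proves only that the signature is internally consistent, not that the key configured for `loadConfig("ROOT")` produced it; asserting that this certificate equals the one expected for that config (or at least its subject) would let the test catch a wrong alias being picked up. The `// Validate the signature` comment could also say that the `setIdAttributeNS(null, "ID", true)` call above is presumably what lets the signature's reference resolve, since the two statements are otherwise unconnected in the test.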
@@ -112,6 +131,5 @@ public class FederationMetaDataTest {
 }
 }
-
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/3f0b480d/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
----------------------------------------------------------------------
diff --git a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
index 237b32c..b50961b 100644
--- a/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
+++ b/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
@@ -31,8 +31,8 @@ import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLStreamWriter;
 import org.w3c.dom.Document;
+
 import org.apache.cxf.fediz.core.util.CertsUtils;
-import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.core.util.SignatureUtils;
 import org.apache.cxf.fediz.service.idp.domain.Claim;
 import org.apache.cxf.fediz.service.idp.domain.Idp;
@@ -42,10 +42,10 @@ import org.apache.xml.security.utils.Base64;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import static org.apache.cxf.fediz.core.FederationConstants.SAML2_METADATA_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.SCHEMA_INSTANCE_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_ADDRESSING_NS;
-import static org.apache.cxf.fediz.core.FederationConstants.WS_FEDERATION_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SAML2_METADATA_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.SCHEMA_INSTANCE_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_ADDRESSING_NS;
+import static org.apache.cxf.fediz.core.FedizConstants.WS_FEDERATION_NS;
 public class MetadataWriter {
@@ -170,14 +170,12 @@ public class MetadataWriter {
 InputStream is = new ByteArrayInputStream(bout.toByteArray());
- ByteArrayOutputStream result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(), is, referenceID);
+ Document result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(), is, referenceID);
 if (result != null) {
- is = new ByteArrayInputStream(result.toByteArray());
+ return result;
 } else {
 throw new RuntimeException("Failed to sign the metadata document: result=null");
 }
-
- return DOMUtils.readXml(is);
 } catch (RuntimeException e) {
 throw e;
 } catch (Exception e) {
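Review bot: The `null` passed as the key alias on the new `signMetaInfo` call is unexplained at the call site; the SignatureUtils context in this commit shows that a null or empty alias falls back to `crypto.getDefaultX509Identifier()`, so a comment such as `// null alias: SignatureUtils falls back to the Crypto's default X509 identifier` documents which key is expected to sign the IdP metadata. The new line also runs well past the usual column limit and could be wrapped after `signMetaInfo(`. The enclosing method and its catch blocks continue outside the hunk.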
